Active Directory Garbage Collection Causes DCs to Run Slow or Stop Responding
Posted by John Policelli on March 9th, 2010
Microsoft has acknowledged an issue with the Active Directory garbage collection process, which may cause a domain controller to run slow or stop responding.
Garbage collection is a housekeeping process that is designed to free space within the Active Directory database. This process runs on every domain controller in the enterprise with a default lifetime interval of 12 hours. When an object is deleted, it is not removed from the Active Directory database. Instead, the object is instead marked for deletion at a later date. This mark is then replicated to other domain controllers. Therefore, the garbage collection process starts by removing the remains of previously deleted objects from the database. These objects are known as tombstones. Next, the garbage collection process deletes unnecessary log files. Finally, the process starts a defragmentation thread to claim additional free space.
Domain controllers running Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 may exhibit the following symptoms:
- The DC runs slower than expected every several hours
- The DC stops responding every several hours
During this issue, CPU usage and disk I/O are very high on the DC.
This issue lasts for several minutes and then disappears.
Lastly, this issue will log one or more of the following events in the Directory Services log:
Event Type: Error
Event Source: NTDS ISAM
Event Category: (14)
Event ID: 623
Date: <date>
Time: <time>
User: N/A
Computer: <computer name>
Description: NTDS (432) NTDSA: The version store for this instance (0) has reached its maximum size of <number>. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.
Possible long-running transaction:
SessionId: <id>
Session-context: <context> Session-context ThreadId: <id> Cleanup: 1
Event Type: Error
Event Source: NTDS General
Event Category: Internal Processing
Event ID: 1519
Date: <date>
Time: <time>
User: NT AUTHORITY\LOCAL SERVICE
Computer: <computer name>
Description: Internal Error: Active Directory could not perform an operation because the database has run out of version storage.
Additional Data Internal ID: 2080490
Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1479
Description: Active Directory could not update the following object on the local domain controller with changes received from the following source domain controller. Active Directory does not have enough database version store to apply the changes.
Object: <object DN>
Object GUID: <object GUID>
Source domain controller: <DC GUID-based DNS name>
User Action
Restart this domain controller. If this does not solve the problem, increase the size of the database version store. If you are populating the objects with a large number of values, or the size of the values is especially large, decrease the size of future changes.
Additional Data
Error value: 8573 The database is out of version store.
This issue occurs because there are many inconsistent objects or reference phantoms in the Active Directory.
Resolution
Microsoft has released a hotfix for Windows Server 2003 to address this issue. For DCs running Windows Server 2008 or Windows Server 2008 R2, you must implement a workaround, which can be found in the following KB: http://support.microsoft.com/?kbid=974803.
